Security Engineer

The primary purpose of the Security Engineer role is to support the Technical Solutions Team in defending, responding, reporting, mitigating, and restoring enterprise systems before, during, and after any attempts at exploitation. Responsibilities will vary based on missions and threats. Daily tasks will involve serving as an escalation point and providing support for the team. You will work with various customers, including governments, the SME sector, large companies, service providers, and non-governmental organizations.

Key Accountabilities:

• Responsible for the security architecture and managing Splunk and Azure infrastructure, as well as creating use cases.
• Provide sustainment support for all delivered mission-specific IT equipment (hardware and software), ensuring availability of customized and standalone IT equipment.
• Manage Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), and security-related devices such as Firewall, Intrusion Detection System (IDS), Endpoint Detection and Response (EDR), and Data Loss Prevention (DLP).
• Ensure the health of data sources feeding into SIEM or other security-related tools, such as system logs and application logs.
• Assist with assessments and forensic analysis when directed.
• Collaborate with the Security Operations Center (SOC) Team to ensure organizational systems are operational and secure.
• Help plan, create, and deploy tools needed to achieve objectives alongside the SOC Team.
• Contribute to the development of internal operational architecture, tools, and procedures aimed at improving performance.
• Work with development organizations to create and deploy necessary tools to meet objectives.

Requirements:

• Good coding experience in Python, PowerShell, or Bash to automate routine tasks.
• Strong understanding of Splunk query language and architecture.
• Ideally certified in Splunk and/or Azure.
• A bachelor's degree in a related field (IT, engineering) is preferred.
• At least 5 years of hands-on experience in security engineering, focusing on developing and implementing security solutions.
• Proven experience with security technologies, system hardening, threat detection tools, and managing security protocols.
• Knowledge of network and security tools such as Microsoft Azure Sentinel, Splunk, Juniper SRX, Cisco ASA, Palo Alto, Fortigate, and Security Onion.
• Strong understanding of network and system architectures, High-Level Design (HLD), and Low-Level Design (LLD).
• Experience with TCP/IP protocols, MITRE ATT&CK framework, and the Cyber Kill Chain.
• In-depth knowledge of security devices and applications such as DLP, Endpoint Security, Firewalls, and authentication services like ACL, TACACS, RADIUS.
• Strong understanding of Change Management and Incident handling.